Operational Semantics of Security Protocols

Cremers, Cas; Mauw, Sjouke

doi:10.1007/11495628_4

Cited by 32 publications

(36 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In short, we require that the behavior of a number of agents executing a security protocol is described by a set of traces in which we can identify the events belonging to the same run. A full semantics satisfying our requirements can be found in [43].…”

Section: Security Protocol Modelmentioning

confidence: 99%

Untraceability of RFID Protocols

Deursen¹,

Mauw²,

Radomirović³

2008

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract.We give an intuitive formal definition of untraceability in the standard Dolev-Yao intruder model, inspired by existing definitions of anonymity. We show how to verify whether communication protocols satisfy the untraceability property and apply our methods to known RFID protocols. We show a previously unknown attack on a published RFID protocol and use our framework to prove that the protocol is not untraceable.

show abstract

Section: Security Protocol Modelmentioning

confidence: 99%

Untraceability of RFID Protocols

Deursen¹,

Mauw²,

Radomirović³

2008

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Note that this confusion also rules out the naïve modelling of concurrent sessions by the bare unbounded replication within spi-calculus. Some inspiration from the work of Cremers and Mauw [CM05] and the work done in the context of mixed strand spaces [THG99a,GT00] may help us here.…”

Section: Discussionmentioning

confidence: 99%

A Formal Semantics for Protocol Narrations

Briais

Nestmann

2005

Trustworthy Global Computing

View full text Add to dashboard Cite

Protocol narrations are a widely-used informal means to describe, in an idealistic manner, the functioning of cryptographic protocols as a single intended sequence of cryptographic message exchanges among the protocol's participants. Protocol narrations have also been informally "turned into" a number of formal protocol descriptions, e.g., using the spi-calculus. In this paper, we propose a direct formal operational semantics for protocol narrations that fixes a particular and, as we argue, well-motivated interpretation on how the involved protocol participants are supposed to execute. Based on this semantics, we explain and formally justify a natural and precise translation of narrations into spi-calculus. An optimised translation has been implemented in OCaml, and we report on case studies that we have carried out using the tool.

show abstract

“…Similar to [15], we define the semantics of operational strands as an infinitestate transition system, where a state (S; K; E) consists of (1) a set S of closed strands, (i.e., every variable occurs first in a receive message, in a macro, or in a creation of a fresh value), (2) a set K of messages (the intruder knowledge), and (3) a set E of events that have occurred. This transition system is defined by an initial state and a transition relation.…”

Section: A2 the Semantics Of Operational Strandsmentioning

confidence: 96%

“…In Appendix A, we define a semantics as state-transition systems similar to [15], where a state (S; K; E) consists of a set S of strands, a set K of messages that the intruder currently knows and a set E of events that have occurred. For instance, if S contains the strand send(insec, t).rest, where insec represents an insecure channel, then we can make the transition to a successor state where t is added to K and the send step is removed from the given strand.…”

Section: Operational Strandsmentioning

confidence: 99%

Alice and Bob: Reconciling Formal Models and Implementation

Almousa¹,

Mödersheim²,

Viganò

2015

Programming Languages With Applications to Biology and Security

View full text Add to dashboard Cite

Abstract. This paper defines the "ultimate" formal semantics for Alice and Bob notation, i.e., what actions the honest agents have to perform, in the presence of an arbitrary set of cryptographic operators and their algebraic theory. Despite its generality, this semantics is mathematically simpler than any previous attempt. For practical applicability, we introduce the language SPS and an automatic translation to robust real-world implementations and corresponding formal models, and we prove this translation correct with respect to the semantics.

show abstract

Operational Semantics of Security Protocols

Cited by 32 publications

References 21 publications

Untraceability of RFID Protocols

Untraceability of RFID Protocols

A Formal Semantics for Protocol Narrations

Alice and Bob: Reconciling Formal Models and Implementation

Contact Info

Product

Resources

About